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1 METHOD AND APPARATUS FOR ENCODING SECURITY STATUS INFORMATION 

2 

3 This application is a non-provisional application claiming priority from United States 

4 Provisional Application No. 60/43 1 ,078 and United States Provisional Application No. 

5 60/431,645 
6 

7 BACKGROUND OF TIIE INVENTION 
8 

9 FIELD OF THE INVENTION 

1 0 [0001] The present invention relates to a method and apparatus for encoding security status 

1 1 information, 
12 

13 DESCRIPTION OF THE PRIOR ART 

14 10002] Low rate personal wireless nelAvoiks are used with small devices with transmission 

1 5 speeds of up to 250 kilobits per second. These devices typically have severe power constraints 

1 6 as they are operated on batteries. In many of these devices, such as battery-operated sensors, 

17 remote controls, car door openers and light switches, it is necessary to have long battery life. If 

18 the batteries die too quickly then the replacement cost can be equal to the cost of the product 

19 itself. 

20 [0003] It is also desirable to have secure communications between such constrained devices 

21 to prevent abuse of the system. One technique is to encrypt data being sent between the devices. 

22 Encryption mathematically transforms the transmitted information using a secret key known only 

23 to the two parties who are communicating. Witfiout the key. the message is unintelligible. 

24 However, this requires overhead in the message structure in order to allow the recipient to 

25 decrypt the data. The sender must indicate which key it has used, which algoritlim it has used to 

26 encr>^t, and input parameters of the encryption algorithm such as a counter, 

27 [0004] Usually, a frame coimter is used as one of the input parameters for freshness in the 

28 encryption. Freshness means tliat the parameters change for each communication and are thus 

29 not reused. One type of encryption called a block cipher breaks up a message into parts (blocks) 
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1 of a fixed size. Various block ciphers are known such as DES (Data Encryption Standard) and 

2 AES (Advanced Encryption Standard). Block ciphers often use an input block as a seed when 

3 used in stream-cipher mode. This input block should not repeat in order to maintain data 

4 freshness and data confidentiality. In one approach, a frame counter and a key identifier are used 

5 as the input block and are indicated in the message that is sent. In addition, each message 

6 usually includes a sequence counter that is not used for security but rather to match the sending 

7 of a message with the acknowledgement thereof by the recipient. These messages typically 

8 include a data portion referred to as the payload which is about 20 bytes. Accordingly, a five 

9 byte overhead for security information represents a 25% overhead. 

1 0 [00051 The amount of data transferred between such constrained devices is one of the 

1 1. principal factors in their battery life. Accordingly, it is desirable to reduce the amount of 

1 2 information transferred. 

1 3 [0006] However, in order to maintain the security of the underlying encryption methods, the 
.1 4 number of bits in the frame counter should not be reduced. 

15 

16 SUMMARY OF THE INVENTION 

17 [0007] In accordance with one aspect of the present invention there is provided a method of 

18 encoding a frame counter used in communication between a sender and a receiver. The method 

1 9 comprises maintaining a sequence counter and a fi:ame counter at the sender and computiug new 

20 values of the frame counter such that the fiTime counter is unique and recoverable from an 

21 encoded value of the Irame counter and the sequence counter. 

22 [00081 another aspect there is provided a method of transmitting messages from a sender 

23 to a recipient over a wireless channel, the messages including a sequence counter and a fiwne 

24 counter. Tlie method comprises establishing initial values of the sequence counter and the fiame 

25 counter at the sender. Initial values of the frame counter and the sequence counter are provided 

26 to the recipient. The sender sends compressed messages including the value of the sequence 

27 coimter and not the fi:ame counter and monitors for an acknowledgement of receipt by the 

28 recipient. When no acknowledgment is received, the sender sends uncompressed messages until 

29 an acknowledgement of receipt is received from the recipient. The sequence counter is 
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1 incremented and the next value of the frame counter is established as the integer next larger than 

2 previous value of the frame counter which is congruent to the sequence counter modulo 256. 

3 (0009J In yet another aspect, there is provided a method of transmitting messages from a 

4 sender to a recipient over a wireless channel, the messages including a sequence counter and a 

5 frame counter. The method comprises establishing initial values of the sequence counter and the 

6 frame counter at the sender and providing the initial values of the frame counter and the 

7 sequence counter to the recipient. The sender sends compressed messages including the value of 

8 the sequence counter and not the frame counter. Periodically the sender sends unconipressed 

9 messages including the value of the frame counter according to predefined criteria. The sender 

1 0 increments the sequence counter and establishes tlie next value of the frame counter as the 

1 1 integer next larger than previous value of the frame counter which is congruent to the sequence 

12 counter modulo 2S6. 

13 [0010] In a further aspect^ there is provided a wireless device for receiving communications 

14 from other wireless devices in a wireless network. The device comprises storage for a frame 

15 counter, a receiver for obtaining a message over the wireless network^ the message including a 

1 6 sequence counter and data encrypted using a secret key and a new value of the frame counter as 

1 7 input to the encryption. The device includes a dccryptor contlgured to perform decryption 

1 8 complementary to the encryption used in the message, the dccryptor having access to the secret 

1 9 key. A processor is connected to the message receiver and configured to recover the value of the 

20 frame counter from a sequence counter in the message and provide the frame counter and 

21 encrypted data from the message to the dccryptor, 

22 [OOl 1 J In a yet further aspect, there is provided a wireless device for sending 

23 communications to other wireless devices in a wireless network. The device comprises storage 

24 for a frame counter and a sequence counter and a processor to compute a new value of the frame 

25 counter such that the frame counter is unique and recoverable from an encoded value of the 

26 frame counter and the sequence counter, The device further includes a transmitter for sending a 

27 message over the wireless network, the message including a sequence counter and data encrypted 

28 using a secret key and the new value of the frame counter as input to tlie encryption. 
29 
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1 
2 

3 BRIEF DESCRIPTION OF THE DRAWINGS 

4 [0012J These and other features of the preferred embodiments of the invention will become 

5 more apparent in the followmg detailed description in which reference is made to the appended 

6 drawings wherein; 

7 f0013J Figure 1 is a schematic representation of a communication system. 

8 |0014J Figure 2 is a more detailed view of a correspondent in the communication system of 

9 Figure 1 . 

10 1001 5] Figure 3 is a schematic representation of a message packet used by the 

1 1 correspondents of Figure 1 , 

1 2 [001 6] Figure 4 is a schematic representation of another embodiment of a message packet. 

13 I0017J Figure 5 is a schematic representation of an information exchange by tfie 

14 correspondents of Figure 1 . 

1 5 [001 8] Figure 6 is a schematic representation of an information interchange among tiie 

1 6 corespondents of Figure 1 • 

1 7 (0019) Figure 7 is a schematic representation of the method used in Figure 6. 

1 8 [0020] Figure 8 is a schematic representation of an information exchange between the 

1 9 correspondents o f Fi gure 1 » 

20 [0021 1 Figure 9 is a schematic representation of the method used in Figure 8. 

21 [0022] Figure 10 is a schematic representation of the method used in Figure 9. 

22 (0023] Figure 1 1 is a schematic representation of another infomiation exchange between the 

23 correspondents of Figure 1, 
24 

25 DESCRIPTION OF THE PREFERRED EMBODIMENTS 

26 [0024] As may be seen in Figures 1 and 2, a communication system 1 0 consists of 

27 correspondents 1 2, 14, 1 6, and 1 8 communicating over a wireless network 20. Correspondent 12 

28 includes a processor 22, a storage medium 24, a frame counter 26, a user interface 28, The 

29 processor 22 and storage 24 may be provided in an integrated circuit. The frame counter 26 is 
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1 used as input to an encryption method in the processor 22. The user interface 28 may be 

2 provided by a simple switch and an LED or by more sophisticated means such as a keyboard and 

3 a monitor or other display. Each correspondent includes a wireless network interface 29 which 

4 sends and receives signals at a predetermined radio frequency such as 2.4GHz or 868 MHz/915 

5 MHz. The correspondents can communicate directly with each other when they are in close 

6 cnougli proximity. The network 20 also provides wireless interfaces linked to routers, bridges, 

7 and other network hardware to provide connectivity beyond the range of wireless signals and to 

8 assist in establishing connections between physically close correspondents. 

9 [0025] The correspondents exchange messages using packets in the format shown in Figure 3 

10 by the numeral 30. The packet consists of three portions: a header 32, a payload 40, and a footer 

1 1 48. The header 32 contains a frame control portion 34, a sequence counter 36 which is notated 

12 as DSN and addressing fields 38. The payload portion 40 contains tlie actual content of the 

13 message, and includes security status information and data 46. The security status information 

14 42, 44 includes a compressed frame counter 42 and a key identifier 44. The footer portion 48 of 

15 the packet 30 includes an error control sequence. As shown in Figure 2, the compressed frame 

1 6 counter 42 and the sequence counter 36 together form the frame counter 50. 

17 [00261 In operation, tlie header Is used to direct the packet to its intended address using the 

1 8 addressing fi.elds. At tlie recipient, the footer is used to perform error correction and to ensure 

1 9 that the message has been received intact. In addition, the recipient may acknowledge the 

20 message. The acknowledgement will include the sequence counter DSN, Tlie sequence counter 

21 is used to match sent messages with their acknowledgements. The security status information 

22 includes a frame counter which is used as input to a decryption method at the recipient. The 

23 decryption method is then used to decode the data and recover the original data sent by the 

24 sender, 

25 [0027] In order to reduce the amount of information transferred, the frame counter is 

26 specially encoded. This encoding is accomplished by updating tlie frame counter N to a value of 

27 N^j^N such that = mi.n{A^^ such that DSN mod 256} . The frame counter can then 

28 be represented as 3 byte encoded frame counter portion with the sequence counter DSN 
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1 appended thereto. Accordingly, it is only necessary to tTansmit 3 bytes in the payload portion to 

2 communicate the frame counter rather than the full length of 4 bytes. 

3 [0028] In another embodiment, further reduction in the information transferred may be 

4 achieved by omitting the frame counter altogether from the payload as seen in Figure 4. The 

5 sequence counter DSN is then used to recover the new value of the frame counter by combining 

6 the previous value of the frame counter 42 in storage 24 with the value of the sequence counter, 

7 In this embodiment, the message is compressed by removing the frame counter entirely. 

8 [0029] Referring therefore to Figure 5, a simplified information exchange between one 

9 sender and one recipient is shown. The sender begins with a frame counter of 270, The sender 

1 0 transmits the frame counter 270 to the recipient. The recipient is then initialised to the beginning 

1 1 value of 270. For each farther communication, the sequence counter is incremented. 

12 Accordingly, the next message has a sequence counter of 15 and a frame counter of 271 . The 

1 3 sender sends the value of the sequence counter^ which is 1 5 and equal to 271 mod 256» to tlie 

1 4 recipient. The recipient then updates the frame counter with the integer next larger to 270 which 

15 is congruent to 15 mod 256, in this case the value 271 . Each sequential communication proceeds 

16 similarly with the sequence counter being incremented. Accordingly, the next transmission of a 

17 frame counter 272 is accomplished by transmitting the sequence counter of 1 6. The recipient 

1 8 may then recover the value 272 of the frame counter from the sequence counter 1 6 and the 

1 9 previous frame counter 271 . 

20 [0030] In typical use, the sender will be communicating with several recipients and 

2 1 accordingly the messages may be spaced out in time. There may be intervening messages to 

22 other recipients which necessitate incrementing the sequence control DSN between messages to 

23 any given recipient. Accordingly, the consecutive structure shown in Figure 5 may not always 

24 be present. The communication may proceed as shown in Figure 6 by the numeral 70, In this 

25 case, the frame counter begins at 7, which is sent to tlie first recipient which sets its frame 

26 counter to 7. In this example some time passes before the next message is transmitted to the first 

27 recipient. In this case, the next message is transmitted with a frame counter of 258 indicating 

28 that 250 otlier messages have been transmitted to other recipients by the sender in the interim, 

29 The value 258 is transmitted by sending the sequence counter, which is 258 mod 256 = 2. The 
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1 recipient then recovers 258 as the integer next larger than 7 which is congruent to 2 mod 256. 

2 The next message is transmitted with a frame counter of 289 which is transmitted by sending the 

3 sequence counter of 33, However, m this case, the recipient does not acknowledge receipt of this 

4 message. The non-acknowledgement may occur for a number of reasons including simply not 

5 receiving the message or a failure in the error control. Accordingly, the recipient's frame 

6 counter remains at 258, Smce the message is not acknowledged, the sender retransmits the full 

7 value 289 of the frame counter This retransmission resets the frame counter at the recipient to 

8 the value 289 and the recipient acknowledges with the value 33 = 289 mod 256. The final 

9 message sent immediately following tlie third message is 290, wliich is communicated by 

10 sending the sequence counter of 34 which is 290 mod 256. The recipient updates its frame 

1 1 counter to 290 and acknowledges receipt of the value 34. 

1 2 [0031 J In the above example, the recipient always acknowledges messages from the sender. 

1 3 Accordingly, the sender is immediately notified that a message has not been received because it 

14 does not receive an acknowledgement. In this case, the sender can send a full message to 

1 5 resynchronise transmission. 

1 6 I0032J Referring to Figure 7, the steps of the above method are shown general ly by the 

17 numeral 80. The sender first sends a compressed message at step 82. The compressed message 

1 8 includes the value of the sequence counter and not the frame counter. Upon receipt of the 

1 9 compressed message, the recipient updates its frame counter as the minimum value larger than 

20 the current frame counter which is congruent to the sequence counter modulo 256. If the message 

21 is acknowledged at step 84 then execution continues. Otherwise, the sender repeatedly sends 

22 uncompressed messages at step 86 until one of these is acknowledged. The uncompressed 

23 messages include the frame counter. Upon receipt of the uncompressed message, the recipient 

24 updates its frame counter to the value of the frame counter in die uncompressed message. Once 

25 the message is acknowledged, the sender increments the sequence counter for the next message 

26 at step 88. It is particularly expedient to increment the sequence counter by 1, however it will be 

27 recogni^.ed that other method of updates the sequence counter may be used by the sender. The 

28 sender then establishes the frame counter for the next message as tlie minimum value larger then 

29 the currenl frame counter wliich is congruent to the sequence counter modulo 256. 
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1 100331 In ail alternative embodiment, the recipient does not acknowledge messages received. 

2 The sender continues to transmit regardless of whether the messages are actually received. 

3 Accordingly, it is necessary for the sender to occasionally send uncompressed messages 

4 containing the value of the frame counter in case a loss of synchronisation has occurred. 

5 Referring therefore to Figure 8, the messages transmitted by the sender arc shown generally by 

6 the numeral 100. The first message reaches the recipient and accordingly both the sender and the 

7 recipient have frame counters of 7, However, the second message is lost during tranismission, 

8 Accordingly, the recipient's frame counter is not updated. Tlie third message is an 

9 uncompressed message and accordingly, updates the recipient's frame counter to 288, regardless 

10 of tlie earlier loss of synchronisation. The fourth message 289 is sent with the sequence counter 

1 1 of 33 and not the frame counter. This updates the recipient's frame counter to 289. The fiftli 

1 2 message 547 is lost during the transmission, and accordingly the recipient's frame counter is 

13 incorrect. The next message 601 is transmitted as the sequence counter of 89, which results in an 

14 incorrect .frame counter at the recipient since the computation yields the value 34S which is 

1 5 congruent to 89 modulo 256 but differs by 256 from the value of the frame counter in the sender. 

16 The incorrect frame counter results in a failure of decryption. Upon discovering the failure, the 

17 recipient maintains its frame counter of 289 rather than updating the frame counter to the 

1 8 incorrect value. The final message 805 is sent as aii uncompressed message which updates the 

1 9 recipient's frame counter to the correct value again, 

20 10034] The steps performed in the example of Figure 8 are shown schematically in Figure 9 

21 by the numeral 10. The sender furst sends a compressed message at step 12. The sender then 

22 increments the sequence control at step 1 14 tlien updates the frame counter at step 116. The 

23 sender then checks to see if it is time for resynchronisation at step 1 1 8. Rcsynchronisation can 

24 be performed at periodic intervals such as every 2, 3, 4. , 1 0 transmissions. When the resync is 

25 required, the sender sends an uncompressed message at step 120, otlierwise the sender proceeds 

26 to send compressed messages at step 112. It will be recognised that the sender independently 

27 decides which messages to send uncompressed. The sender cannot be guided by the recipient in 

28 this choice since there is no feedback from the recipient. 
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1 [0035] In a further cmbodimenl, the recipient occasionally acknowledges messages. 

2 Furthermore, the sender may indicate in the header of a sent message that this message should be 

3 acknowledged. The recipient can therefore use such messages to indicate that a loss of 

4 synchronisation has occurred. Referring tlierefore to Figure 10, a transmission is shown by the 

5 numeral 130. The first message 7 is sent and is acknowledged by the recipient. Both the sender 

6 and the recipient have frame counters of 7. The second frame counter 258 is communicated by 

7 sending the sequence counter of 2 and is lost during transmission. Tlie tliird message 288 is sent 

8 as ihe sequence counter of 32. The recipient acknowledges receipt of the sequence counter 32 

9 however, during the subsequent decryption, the recipient has an error since its frame counter is 

10 out of sync witli tlie sender since the reconstructed value is 32 rather than 288. Accordingly, the 

1 1 recipient enables an error flag. The next message 289 is sent as tlie sequence counter of 33, but 

12 is rejected by the recipient due to the error flag. Another message with a frame counter of 290 is 

1 3 sent to the recipient as the sequence counter of 34 and with a request for acknowledgement 

14 embedded in tfie message. When a recipient receives this message, it docs not acknowledge 

1 5 since the error flag is set. Therefore, the sender resends the message with the frame counter of 

.1 6 290 as an uncompressed message which resynchronizes tlie frame counters of the sender and the 

17 recipient again. The recipient then acknowledges receipt of the message with frame counter 290. 

18 The error flag indicates that a decryption error occurred and that synchronization must be 

1 9 established by received an uncompressed message including the frame counter, rather than a 

20 compressed message without the frame counter. It will be recognized that loss of synchronization 

21 may occur in this einbodiment^ but the synchronization is re-established with a delay of at most 

22 one acknowledged message. 

23 10036] Referring to Figure 1 1, the steps of this embodiment are shown schematically by the 

24 numeral 1 40. The sender first sends a compressed message at step 1 42- The recipient then 

25 acknowledges receipt of the uncompressed message at step 144. The recipient attempts to 

26 decrypt the message at step 1 46. If there is a failure during decryption at step 1 48, then the 

27 recipient sets an error flag at step 1 50. If there is no failure and the error flag is set, then the 

28 recipient clears the error flag at step 1 52. The sender then sends another compressed message at 

29 step 154. When the recipient receives the message, it checks to see if the error flag is set at step 
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} 156, If the error flag is not set, then the recipient acknowledges the message at step 158 and 

2 proceeds with decryption by steps 146 onward. If the flag is set, then the recipient does not 

3 acknowledge the message at step 1 60. If the message was sent with an acknowledgement 

4 request at step 162, tlien the sender detects this and sends an uncompressed message al step 1 64, 

5 and execution returns to the decryption step 1 46. If no acknowledgement request was seat, then 

6 tlie sender proceeds to send compressed messages at step 1 54. 

7 (00371 It will be recognised that in these embodiments, a reduction in the amount of data 

8 transferred is achieved. The reduction is realized by maintaining frame counters at both the 

9 sender and the recipient. The inventor has recognised that the recipient can reconstruct the 

10 correct value of the frame counter from partial information received from the sender in 

1 1 combination with the recipient's local copy of the information. Furthermore, a recovery 

12 mechanism is provided which re-synchronizes frame counters that end up out-of- 

1 3 synclironiscation. It wi 11 be recognized that tlie recovery mechanism allows the compression 

14 technique to be applied in a robust manner. 

1 5 [0038J It will be recognized that the above techniques are not limited to use with integers haft 

1 6 rather may be used with counters that are elements of a finite set with a partial ordering, 

1 7 Furthermore, although the technique has been described in the particularly advantageous setting 

18 of a cryptographic system, it may be applied in other settings where counters are used and where 

19 a reduction in communication cost is at a premium. One example of such a setting is the 

20 inclusion of frame counters to facilitate detection of duplicate transmission. 

21 10039] Althougji the invention has been described with reference to certain specific 

22 embodiments, vanous modifications thereof will be apparent to those skilled in the art without 

23 departing from the spirit and scope of the invention as outlined in the claims appended hereto. 
24 
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